Encryption 101: a malware analyst’s primer

A primer on encryption mechanisms and how they are exploited by malware authors, including an introduction to encryption and the main methods used to encrypt ransomware.
Categories:

Threat analysis

Tags: 101, encryption, ransomware

Drive-by cryptomining campaign targets millions of Android users

Android users have been exposed to drive-by cryptomining in one of the largest campaigns that we have detected so far.
Categories:

Threat analysis

Tags: Android, Bot, CAPTCHA, coinhive, crypto mining, cryptomining, drive-by

New Mac cryptominer distributed via a MacUpdate hack

A new Mac cryptocurrency miner, called OSX.CreativeUpdate, was being distributed from the MacUpdate website, in the guise of known apps such as Firefox.
Categories:

Mac
Threat analysis

Tags: cryptominer, cryptomining, mac, mac malware, MacUpdate, Platypu…

Scarab ransomware: new variant changes tactics

We’ve found that a variant of the Scarab ransomware, called Scarabey, is distributed via a different technique, with a different payload code, and a new target: Russia.
Scarabey, like most ransomware, is designed to demand a Bitcoin payment from i…

GandCrab ransomware distributed by RIG and GrandSoft exploit kits

Ransomware may have slowed its growth but is still a go-to payload for threat actors looking to monetize drive-by download attacks. The latest attempt: GandCrab ransomware.
Categories:

Exploits
Threat analysis

Tags: exploit kits, gandcrab, gandcrab…

New Chrome and Firefox extensions block their removal to hijack browsers

Two new extensions for Firefox and Chrome force-install themselves and then hide from the user. Learn how you can protect yourself against them and remove them manually.
Categories:

Malware
Threat analysis

Tags: blocked, chrome, extensions, firefox, normal removal, Piet…

A coin miner with a “Heaven’s Gate”

The Heaven’s Gate technique has been around since 2009. But now coin miners are using it to maximize their performance in the target architecture.
Categories:

Malware
Threat analysis

Tags: coin miners, Heaven’s Gate, malware analysis

RIG exploit kit campaign gets deep into crypto craze

We take a look at a prolific campaign that is focused on the distribution of coin miners via drive-by download attacks. We started to notice larger-than-usual payloads from the RIG exploit kit around November 2017, a trend that has continued more …

Napoleon: a new version of Blind ransomware

The ransomware previously known as Blind has been spotted recently with a .napoleon extension and a bug fix that means files can no longer be decrypted by victims. In this post, we’ll analyze the sample for its structure, behavior, and distributio…